[Pkg-wmaker-commits] [wmbiff] 13/77: permissions checking for .wmbiffrc (if it exists), some minor cleanup associated with this.

Doug Torrance dtorrance-guest at moszumanska.debian.org
Thu Aug 20 03:01:04 UTC 2015 

This is an automated email from the git hooks/post-receive script.

dtorrance-guest pushed a commit to tag wmbiff_0_4_0
in repository wmbiff.

commit 73549000d8ca9ff3f4b98f2b17dc8ec688d0ce28
Author: bluehal <bluehal>
Date:   Tue Apr 9 07:44:28 2002 +0000

    permissions checking for .wmbiffrc (if it exists), some minor cleanup associated with this.
---
 wmbiff/wmbiff.c | 70 +++++++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 53 insertions(+), 17 deletions(-)

diff --git a/wmbiff/wmbiff.c b/wmbiff/wmbiff.c
index 2f25825..aad42a4 100644
--- a/wmbiff/wmbiff.c
+++ b/wmbiff/wmbiff.c
@@ -1,4 +1,4 @@
-/* $Id: wmbiff.c,v 1.19 2002/04/07 05:08:23 bluehal Exp $ */
+/* $Id: wmbiff.c,v 1.20 2002/04/09 07:44:28 bluehal Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
@@ -56,9 +56,6 @@ const char *skin_filename = "wmbiff-master-led.xpm";
 /* /usr/local/share/wmbiff if compiled locally. */
 /* / is there in case a user wants to specify a complete path */
 /* . is there for development. */
-/* this should eventually be derived at compile (or
-   configure) time to use PREFIX from the makefile, but I (blueHal)
-   prefer to wait for autoconf integration. */
 const char *skin_search_path = DEFAULT_SKIN_PATH;
 
 int ReadLine(FILE *, char *, char *, int *);
@@ -80,10 +77,9 @@ void sigchld_handler(int sig);
 
 int debug_default = DEBUG_ERROR;
 
-void init_biff(char *uconfig_file)
+void init_biff(char *config_file)
 {
 	int i, j, loopinterval = DEFAULT_LOOP;
-	char config_file[256];
 	char *m;
 
 	for (i = 0; i < 5; i++) {
@@ -120,21 +116,11 @@ void init_biff(char *uconfig_file)
 	};
 #endif
 
-	/* Read config file */
-	if (uconfig_file[0] != 0) {
-		/* user-specified config file */
-		DMA(DEBUG_INFO, "Using user-specified config file '%s'.\n",
-			uconfig_file);
-		strcpy(config_file, uconfig_file);
-	} else
-		sprintf(config_file, "%s/.wmbiffrc", getenv("HOME"));
-
 	DMA(DEBUG_INFO, "config_file = %s.\n", config_file);
-
 	if (!Read_Config_File(config_file, &loopinterval)) {
 		if (m == NULL) {
 			DMA(DEBUG_ERROR, "Cannot open '%s' nor use the "
-				"MAIL environment var.\n", uconfig_file);
+				"MAIL environment var.\n", config_file);
 			exit(1);
 		}
 		/* we are using MAIL environment var. type mbox */
@@ -228,6 +214,42 @@ char *search_path(const char *path, const char *find_me)
 	return (NULL);
 }
 
+/* verifies that .wmbiffrc, is a file, is owned by the user,
+   is not world writeable, and is not world readable.  This
+   is just to help keep passwords secure */
+static int wmbiffrc_permissions_check(const char *wmbiffrc_fname)
+{
+	struct stat st;
+	if (stat(wmbiffrc_fname, &st)) {
+		DMA(DEBUG_ERROR, "Can't stat wmbiffrc: '%s'\n", wmbiffrc_fname);
+		return (1);				/* well, it's not a bad permission
+								   problem: if you can't find it,
+								   neither can the bad guys.. */
+	}
+	if (st.st_uid != getuid()) {
+		char *user = getenv("USER");
+		DMA(DEBUG_ERROR,
+			".wmbiffrc '%s' isn't owned by you.\n"
+			"Verify its contents, then 'chown %s %s'\n",
+			wmbiffrc_fname, ((user != NULL) ? user : "(your username)"),
+			wmbiffrc_fname);
+		return (0);
+	}
+	if (st.st_mode & S_IWOTH) {
+		DMA(DEBUG_ERROR, ".wmbiffrc '%s' is world writable.\n"
+			"Verify its contents, then 'chmod 0600 %s'\n",
+			wmbiffrc_fname, wmbiffrc_fname);
+		return (0);
+	}
+	if (st.st_mode & S_IROTH) {
+		DMA(DEBUG_ERROR, ".wmbiffrc '%s' is world readable.\n"
+			"Please run 'chmod 0600 %s' and consider changing your passwords.\n",
+			wmbiffrc_fname, wmbiffrc_fname);
+		return (0);
+	}
+	return (1);
+}
+
 
 
 void do_biff(int argc, char **argv)
@@ -709,6 +731,20 @@ int main(int argc, char *argv[])
 	char uconfig_file[256];
 
 	parse_cmd(argc, argv, uconfig_file);
+
+	/* decide what the config file is */
+	if (uconfig_file[0] != 0) {	/* user-specified config file */
+		DMA(DEBUG_INFO, "Using user-specified config file '%s'.\n",
+			uconfig_file);
+	} else {
+		sprintf(uconfig_file, "%s/.wmbiffrc", getenv("HOME"));
+	}
+
+	if (wmbiffrc_permissions_check(uconfig_file) == 0) {
+		DMA(DEBUG_ERROR,
+			"WARNING: In future versions of WMBiff, .wmbiffrc MUST be\n"
+			"owned by the user, and not readable or writable by others.\n\n");
+	}
 	init_biff(uconfig_file);
 	signal(SIGCHLD, sigchld_handler);
 	do_biff(argc, argv);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-wmaker/wmbiff.git

More information about the Pkg-wmaker-commits mailing list